Closed HJX-zhanS closed 1 year ago
plusvic
commented
1 year ago That's because of (?:\/c|\/r) and (?:\.exe). The ?: in front of a capture group usually means that don't want to capture it, but YARA doesn't support capture groups, and ?: is not supported at all. Simply remove the ?:.
HJX-zhanS
commented
1 year ago That's because of
(?:\/c|\/r)and(?:\.exe). The?:in front of a capture group usually means that don't want to capture it, but YARA doesn't support capture groups, and?:is not supported at all. Simply remove the?:.
Get it! Thanks!
Hello,
When I try to use this regular expression:
.*cmd.{0,5}(?:\/c|\/r).+clip(?:\.exe)?.{0,4}&&.+clipboard]::\(\s\\\"\{\d\}.+\-f.+\"I am faced with the following errors: invalid regular expression "$sens_str1": syntax error, unexpected '?'
I checked my regular expressions and found that there were no errors. I don't know if yara-python doesn't support the scene of '?' in "()".
Can you help me? Thanks